<?php
require_once($_SERVER['DOCUMENT_ROOT']."/defaultconf.mex");
require_once($GLOBALS['PAD']."Modules/RHUSJW24/modconf.mex");
MYDCONN();
require_once($GLOBALS['OBJ'].'obj.mail.mex');

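# DEFAULT VARS
$makenotify = 0;
# $notify_user is read when the response is built at the end of the script,
# but only some action paths assign it. Start it at 0 so the remaining paths
# (user update, act 2) do not read an undefined variable.
$notify_user = 0;
# NOTE(review): this value becomes an account password (it is hashed and
# stored for acts 1-4 below). rand_string() is defined outside this file;
# confirm it draws from a cryptographically secure source such as
# random_int()/random_bytes() rather than rand()/mt_rand(), and that eight
# characters meets the password policy.
$tmp_password = rand_string(8);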

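# MAKE PERMISSION STRING
# One entry per module index 1..tot_modules: "<index><posted value>;" or
# "0;" when the module was posted as 0. The finished string is interpolated
# into a single-quoted SQL literal (main_users.modules_ref) further down, so
# every posted fragment is checked here before it is appended.
# NOTE(review): the loop bound comes from the client. If the server knows the
# real number of modules, clamp against it so a huge tot_modules cannot force
# a very long loop and string.
$permstring = '';
$tot_modules = isset($_POST['tot_modules']) ? (int)$_POST['tot_modules'] : 0;
for ($i = 1; $i <= $tot_modules; $i++) {
	# A field that was not posted contributes an empty value, as before, but
	# without the undefined-index notice; arrays are not accepted.
	$modpos = (isset($_POST['mod_'.$i]) && is_string($_POST['mod_'.$i])) ? $_POST['mod_'.$i] : '';
	# A quote, backslash or NUL would break out of the SQL literal and a ';'
	# would forge extra entries. Such a value is written as "0;", the same
	# entry a module posted as 0 gets.
	if (preg_match('/[\'\\\\\x00;]/', $modpos)) {
		$modpos = '0';
	}
	if ($modpos != '0') {
		$permstring .= $i.$modpos.';';
	} else {
		$permstring .= $modpos.';';
	}
}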
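# VALIDATE THE REQUEST, RUN THE REQUESTED ACTION, REPORT THE RESULT
#
# act (GET): 1 = create (ref 0) or update a user, 2/3/4 = replace the
# password of user RSID with a hash of $tmp_password.
#
# NOTE(review): nothing visible in this script checks who is calling it or
# verifies an anti-CSRF token. Confirm that the included configuration files
# enforce an authenticated, authorised session before this point. Acts 2-4
# take their target from GET parameters, so without such a check a
# cross-site request could reset a password.
#
# NOTE(review): passwords are stored as unsalted md5(). That is left in place
# because the login code that compares the hash is not in this file; both
# sides should move together to password_hash()/password_verify().
#
# NOTE(review): the queries are still built by string interpolation because
# the API of $GLOBALS['MYD'] is not visible here. Until they can use bound
# parameters, numeric inputs are cast or pattern-checked and text inputs are
# refused when they contain a character that could end a quoted SQL literal.
#
# Error and alert codes are decimal integers. The original wrote them with a
# leading zero (01950, 02954, ...), which PHP reads as octal: PHP 7+ rejects
# the 8/9 digits at parse time and PHP 5 silently drops everything from the
# first 8/9 on, so several codes collapsed onto the same $ERR key.

# Request values, normalised once. The in_ prefix avoids clobbering globals
# that the included configuration files may have defined.
$in_act      = isset($_GET['act']) ? (int)$_GET['act'] : 0;
$in_rsid     = isset($_GET['RSID']) ? (int)$_GET['RSID'] : 0;
$in_ref      = isset($_POST['ref']) ? (int)$_POST['ref'] : 0;
$in_staff    = isset($_POST['StaffMember']) ? (int)$_POST['StaffMember'] : 0;
$in_username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
$in_office   = (isset($_POST['ref_office']) && is_string($_POST['ref_office'])) ? $_POST['ref_office'] : '';
# usr_UserGroup is written unquoted into SQL, so it must be a plain
# non-negative integer; a missing or malformed value is refused instead of
# being turned into group 0.
$in_group_ok = isset($_POST['usr_UserGroup']) && is_string($_POST['usr_UserGroup'])
	&& preg_match('/^\d+\z/', $_POST['usr_UserGroup']) === 1;
$in_group    = $in_group_ok ? (int)$_POST['usr_UserGroup'] : 0;
# Characters that can terminate or escape a single-quoted SQL string literal.
$in_unsafe   = '/[\'\\\\\x00]/';

if ($in_ref == 0 && $in_staff < 1) {
	$error = 1950;
} elseif ($in_act == 1) {
	# Every act-1 query runs after this point, so this is the one place the
	# text values and the group id are checked.
	if (!$in_group_ok
		|| preg_match($in_unsafe, $in_username)
		|| preg_match($in_unsafe, $in_office)
		|| preg_match($in_unsafe, (string)$permstring)) {
		die('invalid input.');
	}
	$getMember = $GLOBALS['MYD']->db_array("SELECT * FROM systemoffice.staff_members WHERE smb_ID = {$in_staff}");
	$getUsers = $GLOBALS['MYD']->db_array("SELECT ref FROM systemoffice.main_users WHERE username = '{$in_username}'");
	if (isset($getUsers[1])) { $error = 1955; }
	if (!isset($getMember[1])) {
		$error = 1951;
	} elseif ($getMember[1]['smb_CttEmail'] == '') {
		$alert = 1952;
	}
}

# At least one of the seven day fields must be non-zero. Each value is later
# written unquoted into SQL, so only plain digits (optionally with a decimal
# part) are kept; a missing or malformed field counts as 0.
$chk_timetable = 0;
$in_day = array();
for ($i = 0; $i <= 6; $i++) {
	$in_raw = isset($_POST['upr_Day'.$i]) ? $_POST['upr_Day'.$i] : 0;
	$in_day[$i] = (is_string($in_raw) && preg_match('/^\d+(?:\.\d+)?\z/', $in_raw) === 1) ? $in_raw : 0;
	$chk_timetable += $in_day[$i];
}
if ($chk_timetable == 0) {
	$error = 2954;
}

if (!isset($error)) {
	if ($in_act == 1) {
		if ($in_ref == 0) {
			if ($in_username === '') {
				$error = 1953;
			} else {
				$new_pass = md5($tmp_password);
				$in_member_id = (int)$getMember[1]['smb_ID'];
				$GLOBALS['MYD']->db_query("INSERT INTO main_users
					(ref_office,
					username,
					password,
					settings_langs_ref,
					settings_countries_ref,
					modules_ref,
					RefDept,
					CatProf,
					Secc,
					usr_UserGroup,
					StaffMember) VALUES
					('{$in_office}','{$in_username}','{$new_pass}',1,1,'{$permstring}',0,0,0,{$in_group},{$in_member_id})");
				# The new row is located by user name and password hash.
				$get_User = $GLOBALS['MYD']->db_array("SELECT ref FROM main_users
					WHERE username = '{$in_username}' AND password = '{$new_pass}' ORDER BY ref DESC LIMIT 0,1");
				# Only create the time-clock profile and mail the password when
				# the account row really exists; the original mailed credentials
				# even when the INSERT above had failed.
				# NOTE(review): nothing is reported to the caller when the row
				# is missing; surface the db_query() failure once its return
				# value is known.
				if (isset($get_User[1]['ref'])) {
					$in_new_ref = (int)$get_User[1]['ref'];
					$GLOBALS['MYD']->db_query("INSERT INTO timeclock_profiles
						(UserID, delay, tolerance, upr_Day1, upr_Day2, upr_Day3, upr_Day4, upr_Day5, upr_Day6, upr_Day0)
						VALUES
						({$in_new_ref},0,0,{$in_day[1]},{$in_day[2]},{$in_day[3]},{$in_day[4]},{$in_day[5]},{$in_day[6]},{$in_day[0]})");
					$notify_user = 1;
				}
			}
		} else {
			$GLOBALS['MYD']->db_query("UPDATE main_users
				SET
					usr_UserGroup = {$in_group},
					modules_ref = '{$permstring}'

				WHERE ref = {$in_ref}");
		}

	} elseif ($in_act == 2) {
		# The new password is neither shown nor mailed on this path.
		$new_pass = md5($tmp_password);
		$GLOBALS['MYD']->db_query("UPDATE main_users SET password = '{$new_pass}', type = 5 WHERE ref = {$in_rsid}");
		# RSID is echoed as an integer so it cannot inject markup or script.
		echo '<script charset="utf-8" type="text/javascript">
				replaceUrl(\'user_form\',\''.$MODURL.'Lib/frm_user.php?RSID='.$in_rsid.'\');</script>';
	} elseif ($in_act == 3) {
		$new_pass = md5($tmp_password);
		$GLOBALS['MYD']->db_query("UPDATE main_users SET password = '{$new_pass}', type = 2 WHERE ref = {$in_rsid}");
		# NOTE(review): the clear-text temporary password is written into the
		# page; it is server-generated, not request data.
		echo '<script charset="utf-8" type="text/javascript">
				replaceUrl(\'user_form\',\''.$MODURL.'Lib/frm_user.php?RSID='.$in_rsid.'\');
				ResetPassword.innerHTML=\''.$tmp_password.'\';</script>';
		$notify_user = 0;
	} elseif ($in_act == 4) {
		$new_pass = md5($tmp_password);
		$GLOBALS['MYD']->db_query("UPDATE main_users SET password = '{$new_pass}' WHERE ref = {$in_rsid}");
		echo '<script charset="utf-8" type="text/javascript">
				ResetPassword.innerHTML=\''.$tmp_password.'\';</script>';
		$notify_user = 0;
	} else {

		die('no action set.');
	}
}

if (isset($error)) {
	$ERR[1950] = 'Impossivel executar, nao foi indicado um funcionario.';
	$ERR[1951] = 'Impossivel executar, funcionario inexistente ou incorrecto.';
	$ERR[1953] = 'Impossivel executar, indique um nome de utilizador.';
	$ERR[2954] = 'Tem de indicar pelo menos um dia de actividade para este funcionario.';
	$ERR[1955] = 'Impossivel executar, utilizador ja existe.';

	echo '<div class="Error">'.$ERR[$error].'</div>';
} elseif (isset($alert)) {
	# The accented letter was stored as a corrupted byte sequence; an HTML
	# entity renders correctly whatever the page encoding is.
	$ALT[1952] = 'Concluido, n&atilde;o foi possivel enviar o email de notificacao ao funcionario, por nao ter indicado um endereco de email.';
	echo '<div class="Alert">'.$ALT[$alert].'</div>';
} elseif (isset($notify_user) && $notify_user == 1) {
	# NOTE(review): the temporary password travels in clear text by e-mail;
	# consider forcing a change at first login.
	$_sysMailTopic = 'MoneyOne TUGA - Acesso a sistema';
	$_sysReceiver = $getMember[1]['smb_CttEmail'];
	# Entity instead of the corrupted accented letter; this assumes authmail()
	# sends HTML, as the <br/> in the body suggests - confirm.
	$_sysMailBody = ' A password para o seu acesso ao TUGA foi alterada pela administracao de funcionarios. A nova password &eacute; '.$tmp_password;
	$_sysMailBody .= '<br/>Caso nao tenha solicitado, ou nao tenha sido informado da alteracao, comunique de imediato ao departamento responsavel.';
	authmail('<no-reply@moneyexpress.pt>','ASD',$_sysReceiver,$_sysconfMailName1,$_sysMailTopic,'',$_sysMailBody,'',$_sysconfMailString);
	echo '<script charset="utf-8" type="text/javascript">
				user_form.innerHTML=\'<div class="Confirm">Concluido e enviado email com dados de acesso.</div>\';</script>';
}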